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REMARKS 

Applicant had appealed this application to the Board of Patent Appeals and 
Interferences. The Office issued a new Office Action on September 20, 2005 asserting 
new grounds of rejection of all of the pending claims. Applicant filed a response to that 
Office Action traversing all rejections. The Office then issued a Final Office Action 
dated March 28, 2006 to which Applicant responded on or about May 17, 2006. In view 
of that response, the Office withdrew the final rejection, conceding that Applicant's 
arguments overcame the rejections. However, the Office has now issues a further non- 
final rejection dated July 6, 2006 in which the Office issued new rejections of all claims. 

Specifically, the Office rejected claims 11-13, 16, and 17 as obvious over Courts 
in view of newly cited U.S. Patent No. 7,010,605 issued to Dharmarajan (hereinafter 
Dharmarajan); claim 14 as obvious over Courts, Dharmarajan and Prabandham; and 
claim 1-10, 15, 18, 22, and 23 as obvious over Courts, Dharmarajan, Prabandham and 
Ng. 

These rejections are essentially identical to the rejections contained in the last 
two Office Actions except for the addition of Dharmarajan. In the two previous Office 
Actions, the issue was whether Courts disclosed that the writing of the session data to 
the shared database was performed "at a designated time that is a function of a 
predetermined time interval since a last write to said data base ..." or was "a function of 
at least one of (a) the number of times the HttpSession object data is updated in said 
local memory and (b) the number of times an http request in said http session is 
serviced". 
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In this latest Office Action, the Office has withdrawn that rejection conceding that 

Courts does not, in fact, teach these features. However, the Office has now cited 

Dharmarajan as teaching these features and asserted that it is obvious to combine such 

teachings of Dharmarajan with Courts, etc. 

The Present Invention 

The present invention pertains to a method and apparatus for updating a shared 
session database that is accessible by multiple servers. For instance, Web sites often 
divide the tasks of servicing requests into a three tier system with a different server or 
plurality of servers to handle each tier. Since http is a connectionless protocol, one 
request from a particular client can be directed to one application server while the next 
request from the same client machine might be directed to a different application server. 
Accordingly, a means must be provided for the various servers to access the session 
data developed by another server. Commonly, such sharing of http session data is 
enabled by use of a database server that is accessible to the plurality of application 
servers for storing session data. Particularly, an application server stores session data 
in local memory, but also writes a copy of the session data to the session database. If a 
different server services a request from a client, that different server can go to the 
database and read the session data for the corresponding session. The session data is 
updated in both the local memory and the database each time a request causes a 
change in the data. The writing of such session data to the shared database can 
consume a large amount of bandwidth on the network. 
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The present invention reduces the number of writes to an http session database 

in order to conserve system resources. Specifically, while each server continues to 

update the http session data in its local memory every time there is a change in the 

session data, it writes a copy of the session data to the shared database only at 

designated times. In one embodiment, the designated time is periodic. In another, it is 

after a specified number of requests in that session have been received. In yet another 

it is after a specified number of changes to the session data have been made. 

Response to Rejection 

In light of the new rejections, the only issue that has not been previously 
discussed in the prosecution of this application is the Dharmarajan reference and, 
specifically, whether it teaches the timing of the updates to the shared database that is 
lacking from Courts. 

The Office asserts that Dharmarajan teaches a method and apparatus for 
encoding session data utilized by a server computer and "the use of a session timer 
based on the last transmission sent and that session timer being set to elapse after a 
predetermined amount of time". The Office also asserted that it is obvious to combine 
such teachings of Dharmarajan with Courts, etc. "because it allows for the data to be 
periodically written to the database". 

Applicant respectfully traverses. Dharmarajan does not teach that for which it 
has been cited and therefore, no combination of Dharmarajan with Courts, etc. could 
result in the present invention. 
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MPEP §2143 lists three requirements for a proper rejection based on 

obviousness, namely: 

First, there must be some suggestion or motivation, either in the 
references themselves or in the knowledge generally available to one of 
ordinary skill in the art to modify the reference or to combine the reference 
teachings. Second, there must be a reasonable expectation of success. 
Finally, the prior art reference (or references when combined) must teach 
or suggest all the claim limitations. 

Since, as explained below, Dharmarajan does not teach writing of the session 
data to the global database "at a designated time that is a function of a predetermined 
time interval since a last write to said data base ..." or that is "a function of at least one 
of (a) the number of times the HttpSession object data is updated in said local memory 
and (b) the number of times an http request in said http session is serviced", the 
rejection must fail. 

While Dharmarajan does generically teach something akin to "the use of a 
session timer based on the last transmission sent and that session timer being set to 
elapse after a predetermined amount of time" as set forth in the Office Action, that timer 
has absolutely nothing to do with writing session data to a shared database. Teaching 
a session timer that is used for a purpose that is entirely inapposite to the claimed timer 
adds nothing relevant to the teachings of the prior art. 

The Office referred to col. 13, lines 3-35 of Dharmarajan. Col. 13, lines 3-35 and 
Figure 10 of Dharmarajan concern the updating of an encrypted cookie for sending to a 
client during a session. Applicant assumes that the Office is referring to the timer 
referenced in connection with steps 1002 and 1004 of the flowchart of Figure 10 and the 
related teachings in the specification of Dharmarajan. Figure 10 and column 13 
describe a technique for enhanced security during a session between a server and a 
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client in which the server is using information obtained from a cookie received from the 

client. Specifically, Dharmarajan addresses a drawback of previous cookie schemes as 

described in col. 2, lines 39-53, quoted below: 

Another drawback to using cookies stems from the fact that cookies are 
transmitted in the open from the client computer to the server computer. Because 
cookies are transmitted in the open over the Internet, there is a possibility that 
the cookies may be intercepted by an unauthorized recipient. An intercepted 
cookie may then be "replayed" by the unauthorized recipient to gain improper 
access to the Web server. Col. 2, lines 39-42. 

In the broader context of Dharmarajan, particularly as disclosed in connection 
with Figures 8-10, the server obtains a cookie from the client that is encrypted in the 
manner described in detail in Dharmarajan, decrypts it, identifies relevant information in 
the cookie, including one or more tags, and uses that information during the session. 

The flowchart of Figure 10 comprises the details of step 920 of the flowchart of 
Figure 9, namely, authenticating the cookie that it is already using during the session 
(col. 12, line 66 to col. 13, line 2). 

As described in col. 13, lines 3-35, the server starts a session timer (step 1002) 
and waits for it to run out (step 1004). When it runs out, it authenticates the cookie by 
requesting the cookie again from the client (step 1006-1008), decoding and decrypting 
the cookie again (step 1010), checking if the data is valid (step 1012). If so, it generates 
a new encrypted cookie and sends it to the client (step 1014) and keeps the session 
going. The process continuously repeats until the session is ended (see steps 1016 
and 1 004). However, if the data in the cookie is not valid (step 1 01 2), the server ends 
the session (step 1018) assuming that the cookie (and therefore the session) is 
fraudulent. 
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Thus, in other words, the timer at issue in this section of Dharmarajan simply 
counts the time that the server waits between authenticating the cookie (and, if 
authenticated) generating a new cookie and sending it to the client. 

There is no discussion whatsoever in Dharmarajan about how or where the 
server stores session data, let alone about writing session data to a shared database. 

Hence, Dharmarajan does not teach "writing a copy of said data for each said 
session stored in said local memory into a central memory accessible to all servers of 
said server system at designated times, said designated times being a function of a 
predetermined time interval since a last write to said database of data for said sessions" 
as recited in claim 1 1 . 

Accordingly, claim 1 1 clearly distinguishes over Courts and Dharmarajan. 

Claim 1 distinguishes over the prior art for at least all of the same reasons given 
above in connection with independent claim 1 1 . Specifically, claim 1 recites "a second 
computer program adapted to write to said database a copy of said HttpSession data for 
each said http session at a designated time that is a function of a predetermined time 
interval since a last write to said database of HttpSession object data for said http 
session". Ng does not disclose the teachings lacking from the other references 
discussed above. 

Independent claim 18 also distinguishes over the prior art of record. Specifically, 
it recites "a second computer program adapted to write a copy of said http session data 
for each said http session in said database at designated times, said designated times 
determined as a function of at least one of (a) the number of times the http session 
object data is updated in said local memory and (b) the number of times said http 
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request in said http session is serviced ". Accordingly, claim 18 distinguishes over the 

prior art for essentially the same reasons as independent claims 1 and 1 1 as discussed 

above. 

In view of the foregoing amendments and remarks, this application is now in 
condition for allowance. Applicant respectfully requests the Examiner to issue a Notice 
of Allowance at the earliest possible date. The Examiner is invited to contact 
Applicant's undersigned counsel by telephone call in order to further the prosecution of 
this case in any way. 

Respectfully submitted, 

Dated: September 20, 2006 /Theodore Naccarella/ 

Theodore Naccarella 
Registration No. 33,023 
Synnestvedt & Lechner LLP 
2600 Aramark Tower 
1101 Market Street 
Philadelphia, PA 19107 
Telephone: (215) 923-4466 
Facsimile: (215) 923-2189 
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